; config options
; The island of trust is at testzone.nlnetlabs.nl
; This scenario first caches validated NSEC records through a signed NXDOMAIN,
; then queries a name that those records cover but that lies under a
; domain-insecure entry (a negative trust anchor, NTA). The expected result is
; that the name is resolved at its stub rather than answered from cached NSEC.
server:
	; DS trust anchor: key tag 2926, algorithm 8, digest type 2.
	trust-anchor: "testzone.nlnetlabs.nl. IN DS 2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b"
	; Fixed validation time. It falls inside the inception/expiration window of
	; every RRSIG below, so the recorded signatures stay usable in the test.
	val-override-date: "20180213111425"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: "no"
	trust-anchor-signaling: no
	; Feature under test: answering from cached, validated NSEC records.
	aggressive-nsec: yes
	; The NTA: names at or below this point are treated as insecure.
	domain-insecure: "ant.testzone.nlnetlabs.nl"

stub-zone:
	name: "testzone.nlnetlabs.nl"
	stub-addr: 185.49.140.60
stub-zone:
	name: "ant.testzone.nlnetlabs.nl"
	stub-addr: 185.49.140.61
CONFIG_END

SCENARIO_BEGIN Test to not do aggressive NSEC for domains under NTA

; testzone.nlnetlabs.nl nameserver
RANGE_BEGIN 0 100
	ADDRESS 185.49.140.60

; response to DNSKEY priming query
; The DNSKEY RRset is signed by key tag 2926, the tag named in the DS trust
; anchor. All other RRSIGs in this file carry key tag 44940 (presumably the
; flags-256 key below; the tag is not recomputed here).
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
testzone.nlnetlabs.nl. IN DNSKEY
SECTION ANSWER
testzone.nlnetlabs.nl. 3600 IN DNSKEY 256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7
testzone.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L
testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw=
SECTION AUTHORITY
testzone.nlnetlabs.nl. 3600 IN NS ns.nlnetlabs.nl.
testzone.nlnetlabs.nl. 3600 IN RRSIG NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI=
SECTION ADDITIONAL
ENTRY_END

; response for antelope.testzone.nlnetlabs.nl.
; Signed NXDOMAIN. The NSEC from alligator to cheetah covers antelope, and in
; canonical order it also covers ant (alligator < ant < antelope < cheetah).
; The apex NSEC (testzone -> alligator) covers the wildcard *.testzone.
; Once cached, these two records would be enough to deny ant as well.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NXDOMAIN
SECTION QUESTION
antelope.testzone.nlnetlabs.nl. IN TXT
SECTION ANSWER
SECTION AUTHORITY
testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
SECTION ADDITIONAL
ENTRY_END

RANGE_END

; ant.testzone.nlnetlabs.nl nameserver
; Unsigned answer: no RRSIG accompanies the TXT record.
RANGE_BEGIN 0 100
	ADDRESS 185.49.140.61

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ant.testzone.nlnetlabs.nl. IN TXT
SECTION ANSWER
ant.testzone.nlnetlabs.nl. 10 IN TXT "domain under NTA"
ENTRY_END
RANGE_END

; Step 1 primes the negative cache with the signed denial for antelope.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
antelope.testzone.nlnetlabs.nl. IN TXT
ENTRY_END

; recursion happens here.
; AD is expected in the reply, so the NXDOMAIN and its NSEC proof must validate
; against the trust anchor.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO AD NXDOMAIN
SECTION QUESTION
antelope.testzone.nlnetlabs.nl. IN TXT
SECTION ANSWER
SECTION AUTHORITY
testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0=
alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI=
testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0=
SECTION ADDITIONAL
ENTRY_END

; query for ant.testzone.nlnetlabs.nl, which is below an NTA
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
ant.testzone.nlnetlabs.nl. IN TXT
ENTRY_END

; The actual assertion of the scenario. With MATCH all, an NXDOMAIN synthesized
; from the cached alligator -> cheetah NSEC would fail this check. The expected
; reply is the TXT record served by 185.49.140.61, and it carries no AD flag
; because data under the NTA is not validated.
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
ant.testzone.nlnetlabs.nl. IN TXT
SECTION ANSWER
ant.testzone.nlnetlabs.nl. 10 IN TXT "domain under NTA"
ENTRY_END

SCENARIO_END